54a303cf834f2d2747d57597bda7e3f70dd39b64448dfc85ae3fe38316e07e9d

General

Target

942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
Size

90KB
MD5

942da42daa788773dffa7e079a4cf950
SHA1

f27aeaf2b8514c9406232757f4cc0d9595b83fdd
SHA256

54a303cf834f2d2747d57597bda7e3f70dd39b64448dfc85ae3fe38316e07e9d
SHA512

6784c84b13a619c8b5aafe1947309635b27869c89dc4d2a779725d58fe5067b275c96b36ed27f4bc3a678fc9bf89c3ede5be529b426f4bc652fec606c21b53d5
SSDEEP

1536:W7ZhA7pApvOsOKjC0YSilpFpfkJOM2kJOMIsKsc696xZDKUXxXD:6e7WpXYvndvKUXxXD

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3458) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

Processes:

942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe

description	ioc	process
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Full\NavigationRight_SelectionSubpicture.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\net.properties.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.simpleconfigurator.manipulator_2.0.0.v20131217-1203.jar.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-filesystems.xml.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Choibalsan.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-7.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_image-frame-border.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Travel\TravelIntroToMain.wmv.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\SystemV\CST6.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.browser.ja_5.5.0.165303.jar.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\Mso Example Setup File A.txt.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\Hand Prints.htm.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\it-IT\sqloledb.rll.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\LayeredTitles\blackbars60.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\javap.exe.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\com.jrockit.mc.rcp.product_5.5.0.165303\feature.properties.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\update_tracking\org-netbeans-core-multitabs.xml.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-lib-profiler-charts_ja.jar.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-next-over-select.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\MST7MDT.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.emf.ecore_2.10.1.v20140901-1043\feature.xml.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.rcp_4.4.0.v20141007-2301\epl-v10.html.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\de\ReachFramework.resources.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\de-DE\settings.html.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AcroRd32.exe.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Performance\Title_Page_PAL.wmv.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\javacpl.exe.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\wa\LC_MESSAGES\vlc.mo.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_concat_plugin.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Defender\es-ES\MpEvMsg.dll.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Journal\it-IT\JNTFiltr.dll.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\Images\settings_left_hover.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\Ole DB\es-ES\oledb32r.dll.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\fxplugins.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-modules-sendopts.jar.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libscaletempo_plugin.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\mux\libmux_avi_plugin.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\it-IT\js\settings.js.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\AssertBackup.vstx.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\de-DE\TipTsf.dll.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\feedbck2.gif.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\th\LC_MESSAGES\vlc.mo.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\de-DE\wmplayer.exe.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\27.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\SpecialNavigationRight_ButtonGraphic.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.ui.workbench.addons.swt.nl_zh_4.4.0.v20140623020002.jar.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libtcp_plugin.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\it-IT\WMPMediaSharing.dll.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\about.html.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\features\org.eclipse.ecf.filetransfer.ssl.feature_1.0.0.v20140827-1444\feature.properties.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.emf.common_2.10.1.v20140901-1043.jar.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\Modules\org-netbeans-swing-plaf.xml.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\fontconfig.bfc.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\net.properties.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\access\libaccess_realrtsp_plugin.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Weather.Gadget\images\39.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\olh001.htm.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Antarctica\Casey.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\liblibmpeg2_plugin.dll.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\fr-FR\wmpnscfg.exe.mui.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\drag.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\GoldRing.png.tmp	942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\942da42daa788773dffa7e079a4cf950_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2884

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-3627615824-4061627003-3019543961-1000\desktop.ini.tmp
Filesize
90KB

MD5
14c3eee35303c529e5d0e88608ef5361

SHA1
279bbae023c65e36af1daf25a4aecedb2beba086

SHA256
73241deabb7d8688653fef31b6951000ff06b0864af033a5704d72fed47f2690

SHA512
73c11a2e5e9f69746f61797fe8f6c3abc513842d50a21a389c69a39afcc6bdca3c215739c99bdeaea08fc1c2cd2bd47ef7e063caa6da51a69bfdfeb887f37603

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp
Filesize
99KB

MD5
4b4160c57330516040429f636b3f45c7

SHA1
bc4dba6690e6de1f531c526524f2a65eb81ed165

SHA256
59123bd8fb70451f6535a9b63d81422929041606cae83e8737d8ae95a314b180

SHA512
44e27b9df50933b544fef784cb6d80269e72afb4ae1b2c1f81984d27f697a00d0a6c3d759a2397f7211043c6e5d2d4411bb3187314d97fcb3e5e5592393172f4

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads